diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 143833ec..81339685 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -17,7 +17,7 @@ updates: - package-ecosystem: github-actions directory: / schedule: - interval: weekly + interval: monthly - package-ecosystem: gradle directory: / registries: diff --git a/.github/release.yml b/.github/release.yml index 8681c94f..498cfa3e 100644 --- a/.github/release.yml +++ b/.github/release.yml @@ -4,6 +4,7 @@ changelog: - documentation - subtask - chore + - github_actions categories: - title: Breaking Changes 🛠 labels: [ breaking-change ] diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6ec2c70e..db8a78cf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -40,7 +40,7 @@ jobs: - name: Build env: COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} - run: ./gradlew javadoc check coveralls + run: ./gradlew build coveralls - name: Publish if: github.event_name == 'push' || github.event.inputs.publish_artifacts == 'true' env: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f23e6066..a8f3219e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,7 +26,7 @@ jobs: distribution: 'adopt' cache: gradle - name: Ensure build is green - run: ./gradlew check + run: ./gradlew build - name: Release run: | # The following command will trigger the build.yml workflow as it pushes a release tag diff --git a/buildSrc/src/main/kotlin/creek-common-convention.gradle.kts b/buildSrc/src/main/kotlin/creek-common-convention.gradle.kts index 0b103a7f..67f19631 100644 --- a/buildSrc/src/main/kotlin/creek-common-convention.gradle.kts +++ b/buildSrc/src/main/kotlin/creek-common-convention.gradle.kts @@ -17,9 +17,11 @@ /** * Standard configuration of Creek projects * - *

Version: 1.2 - * *

Apply to all java modules, usually excluding the root project in multi-module sets. + * + *

Version: 1.4 + * - 1.4: Add findsecbugs-plugin + * - 1.3: Fail on warnings for test code too. */ plugins { @@ -64,12 +66,16 @@ repositories { mavenCentral() } +dependencies { + spotbugsPlugins("com.h3xstream.findsecbugs:findsecbugs-plugin:1.12.0") +} + configurations.all { // Reduce chance of build servers running into compilation issues due to stale snapshots: resolutionStrategy.cacheChangingModulesFor(15, TimeUnit.MINUTES) } -tasks.compileJava { +tasks.withType { options.compilerArgs.add("-Xlint:all,-serial,-requires-automatic,-requires-transitive-automatic,-module") options.compilerArgs.add("-Werror") } diff --git a/buildSrc/src/main/kotlin/creek-plugin-publishing-convention.gradle.kts b/buildSrc/src/main/kotlin/creek-plugin-publishing-convention.gradle.kts index fa12125c..3cfc27ac 100644 --- a/buildSrc/src/main/kotlin/creek-plugin-publishing-convention.gradle.kts +++ b/buildSrc/src/main/kotlin/creek-plugin-publishing-convention.gradle.kts @@ -17,11 +17,12 @@ /** * Configuration for Creek Gradle plugin publishing. * - *

Version: 1.2 + *

Version: 1.3 + * - 1.3: Switch to setting 'system' from issue-management * *

Apply this plugin to any module publishing a Gradle plugin. * - *

Do NOT ally the `creek-publishing-convention`. + *

Do NOT apply the `creek-publishing-convention`. */ plugins { @@ -115,7 +116,7 @@ publishing { } issueManagement { - name.set("GitHub issues") + system.set("GitHub issues") url.set("https://github.com/creek-service/${rootProject.name}/issues") } diff --git a/buildSrc/src/main/kotlin/creek-publishing-convention.gradle.kts b/buildSrc/src/main/kotlin/creek-publishing-convention.gradle.kts index 4bca3e65..f7c5fb42 100644 --- a/buildSrc/src/main/kotlin/creek-publishing-convention.gradle.kts +++ b/buildSrc/src/main/kotlin/creek-publishing-convention.gradle.kts @@ -17,7 +17,8 @@ /** * Standard configuration for Creek library publishing * - *

Version: 1.2 + *

Version: 1.3 + * - 1.3: Switch to setting 'system' from issue-management * *

Apply this plugin only to subprojects if in multi-module setup. * @@ -97,11 +98,6 @@ publishing { url.set("https://www.creekservice.org") } - issueManagement { - name.set("GitHub issues") - url.set("https://github.com/creek-service/${rootProject.name}/issues") - } - developers { developer { name.set("Andy Coates") @@ -116,6 +112,11 @@ publishing { developerConnection.set("scm:git:ssh://github.com/creek-service/${rootProject.name}.git") url.set("https://github.com/creek-service/${rootProject.name}") } + + issueManagement { + system.set("GitHub issues") + url.set("https://github.com/creek-service/${rootProject.name}/issues") + } } } } diff --git a/executor/src/main/java/org/creekservice/internal/system/test/executor/cli/PicoCliParser.java b/executor/src/main/java/org/creekservice/internal/system/test/executor/cli/PicoCliParser.java index 222da426..0e2e2ed0 100644 --- a/executor/src/main/java/org/creekservice/internal/system/test/executor/cli/PicoCliParser.java +++ b/executor/src/main/java/org/creekservice/internal/system/test/executor/cli/PicoCliParser.java @@ -20,6 +20,7 @@ import static org.creekservice.api.base.type.Preconditions.requireNonEmpty; import static org.creekservice.internal.system.test.executor.execution.debug.ServiceDebugInfo.DEFAULT_BASE_DEBUG_PORT; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import java.nio.file.Path; import java.nio.file.Paths; import java.time.Duration; @@ -360,6 +361,7 @@ private static final class Mount implements MountInfo { private final Path containerPath; private final boolean readOnly; + @SuppressFBWarnings(value = "PATH_TRAVERSAL_IN", justification = "Trusted user input") Mount(final String hostPath, final String containerPath, final boolean readOnly) { this.hostPath = Paths.get(requireNonEmpty(hostPath, "hostPath")); this.containerPath = Paths.get(requireNonEmpty(containerPath, "containerPath")); diff --git a/executor/src/test/java/org/creekservice/api/system/test/executor/SystemTestExecutorFunctionalTest.java b/executor/src/test/java/org/creekservice/api/system/test/executor/SystemTestExecutorFunctionalTest.java index 29c06161..1063d825 100644 --- a/executor/src/test/java/org/creekservice/api/system/test/executor/SystemTestExecutorFunctionalTest.java +++ b/executor/src/test/java/org/creekservice/api/system/test/executor/SystemTestExecutorFunctionalTest.java @@ -29,6 +29,7 @@ import static org.hamcrest.Matchers.not; import static org.hamcrest.Matchers.startsWith; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import java.io.BufferedReader; import java.io.InputStream; import java.io.InputStreamReader; @@ -536,6 +537,7 @@ private int runExecutor(final String[] cmdArgs) { return runExecutor(javaArgs, cmdArgs); } + @SuppressFBWarnings(value = "COMMAND_INJECTION", justification = "Test code") private int runExecutor(final String[] javaArgs, final String[] cmdArgs) { final List cmd = buildCommand(javaArgs, cmdArgs); diff --git a/parser/src/test/java/org/creekservice/api/system/test/parser/TestPackagesLoaderTest.java b/parser/src/test/java/org/creekservice/api/system/test/parser/TestPackagesLoaderTest.java index 1ca351b0..9e60ef34 100644 --- a/parser/src/test/java/org/creekservice/api/system/test/parser/TestPackagesLoaderTest.java +++ b/parser/src/test/java/org/creekservice/api/system/test/parser/TestPackagesLoaderTest.java @@ -189,6 +189,7 @@ void shouldFilterPackages() { } } + @SuppressWarnings("try") @Test void shouldLoadLazily() { // When: